You should have heard about ransomware by now. Cyber-criminals access and encrypt your data and you have to pay a “ransom” for the key to unlock your data. If you have a backup you can revert to that and forget about the hackers threats. Leakware (also known as extortionware) is similar, but now the bad actors are threatening to post your confidential information online if you don’t pay up.
When you think about it, there are probably many things your business would not want to be shared publicly. This could be your IP (intellectual property), your secret sauce recipe, your customer database with all the details or even your financial data.
The public sector is particularly at risk against leakware. Attackers threaten to publish confidential and personal data online. Healthcare organisations are the top targets, with the bad actors saying they will publish the stolen sensitive data online.
Leakware doesn’t just affect you and your business. It can hurt all the people whose data is leaked. That information makes customers / patients more likely to be victims of fraud or identity theft.
As with ransomware, leakware is costly. Beyond the actual ransom paid, you could pay associated costs such as:
- downtime.
- angry clients or customers.
- lost sales opportunities.
- attack mitigation and recovery costs and time.
- fines for non-compliance.
- damage to your company brand and reputation.
- penalties for unmet contractual obligations to customers.
- fees for fraud protection offerings to affected individuals.
“Nearly 3 out of 4 companies infected with ransomware suffer two days or more without file access.” — Acronis
Leakware – Planning and Prevention
Leakware is a more recent evolution of ransomware. In Johannesburg recently, hackers compromised passwords, and financial and personal population data. They demanded four bitcoins, or else they would reveal the stolen information and how they breached the city systems. The City of Johannesburg chose not to pay, and at this time it is unknown if the data was released or not.
Preventing a leakware attack requires the same precautions as ransomware. To start, use an up to date antivirus software and maintain a strong firewall.
It is important to keep your computer systems up to date with the latest software patches. Do not ignore those notifications about system or software version upgrades! They can contain the patches you need to prevent vulnerabilities. Bad actors are always exploiting new methods of spreading malware. Security patching is the manufacturer’s effort to help you stay ahead of criminals.
It’s also a good idea to limit access based on the principle of least privilege. Authorise users for access only to data, software, or systems that they need based on their roles. When those responsibilities change, reconfigure the user’s access. Having few people with access makes it harder for a bad actor to get all your data.
Set up content scanning and mail server filters. At the same time, do not rely just on technology alone. You need to educate your staff about the risk of social engineering and using public wireless internet. Make sure your people don’t enter sensitive information when offsite or if they need to enter data to use a trustworthy Virtual Private Network (VPN).
Keep good data backups, as well. We recommend at least using the 3-2-1 approach. Keep three copies of your data. Backup one version to the cloud, and have the other two stored on different devices (e.g. on your local computer and on a backup drive).
Leakware and ransomware incidents are on the rise. No business or industry is immune and it doesn’t matter if you are a small or large organisation. Protect your data. If you need help with your prevention efforts, give us a call 08 8326 4364 or su*****@dp*********.au.
